Secure Blue is it really Secure?

Where is the con?

If your cpu is vulnerable to SMT then half your cpu cores will be gone no beginners would like to have this.

secureblue does hardening of the kernel’s cmdline and sysctls.

compile hardening is secure than runtime hardening thats why for hardened system you should combine both to create a secure environment.

While confined users would be great, using confined Selinux users puts burden on the users and leads to breakage.

That’s why i told its deliberate choice by secureblue and also it breaks many things i already mentioned this in post.

Some things which come to mind, which don’t work ootb with user_u:user_r:user_t: Flatpaks, Appimages, document scanners and Tor Browser.

I daily drive with confined user not just user_r role there are also few other roles. Yes ootb manythings doesnot work that’s why i mentioned use this for general browsing, coding and all other general tasks. One more thing Tor Browser works within user_r role i use it all time.